1

Does anyone knows the difference? I am decrypting a chipcard code for one of our vendors EMV machine. The algorithm is called to be 3DES0DUKPT CBC-MAC?

I have successfully done 3DES-DUKPT CBC before.... How is CBC-MAC different from CBC during the decryption process? I thought MAC is just an integrity check after the decryption..... Thank you!

Curly
  • 539
  • 2
  • 7
  • 14
  • That check should be done before, not after decryption, but yes - a MAC is just a message authentication algorithm. Chances are, it's probably integrated into encryption in that variation (as it should be) instead of performed separately. – Narf Aug 19 '15 at 20:52
  • You should be asking this question on crypto.stackexchange.com though - this question has nothing to do with programming. – Narf Aug 19 '15 at 20:54
  • I did, and you are actually the first person answering this question..... Is crypto.stackexchange.com new? I feel there are far fewer people in that forum than this. – Curly Aug 20 '15 at 13:32
  • Also, @Narf can you further elaborate on " integrated into encryption in that variation"? Are there any link or article that I can read about it? Or even some illustration from you would be really helpful. Thanks – Curly Aug 20 '15 at 13:42
  • It's nothing special ... just the MAC being added by an encrypt() function and verified, stripped by decrypt() instead of you having to do it separately. – Narf Aug 20 '15 at 14:35
  • So, in order to decrypt a string "stringEncrypt", I am able to calculate MAC (4 bytes - 8 bytes) from stringEncrypt and KSN and BDK (sessionKey is derived from KSN and BDK).... how would I strip this MAC from stringEncrypt? My MAC is not any part of the string though..... Thank you! – Curly Aug 20 '15 at 17:02
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/87514/discussion-between-curly-and-narf). – Curly Aug 20 '15 at 17:03

0 Answers0